Vulnerability in PNG file can allow hackers to hack Android smartphones
Beware, while opening a harmless-looking image downloaded from the internet, emails, social media apps, or messaging apps, as it could compromise your smartphone.
Google has discovered three new critical vulnerabilities that allow hackers to hack an Android smartphone just by looking at a PNG image. This bug has affected millions of devices that run on Android OS versions, ranging from Nougat 7.0 to its current Android 9.0 Pie.
The vulnerabilities, identified as CVE-2019-1986, CVE-2019-1987, and CVE-2019-1988, were, however, patched in Android Open Source Project (ASOP) by Google as part of their Android Security Updates for February 2019.
According to Google’s Android Security Bulletin, the vulnerability that allows “a remote attacker using a specially crafted PNG file to execute arbitrary code within the context of a privileged process,” is the most severe vulnerability.
This means that if a hacker successfully manages to deceive a user to open or download an image from any webpage, or received through an instant messaging service, or as an attachment in an email, he or she can get access to your smartphone.
Besides the three flaws, Google also included fixes for 42 vulnerabilities in the Android OS in total in its 2019 February update, of which 11 are considered as critical, 30 high impact and one medium-gravity.
Google has said that it has no reports of anyone exploiting the vulnerabilities listed in its February security bulletin against real users or in the wild. The search giant also said that it has alerted its Android partners of all vulnerabilities a month before publication, adding that “source code patches for these issues will be released to the Android Open Source Project (AOSP) repository in the next 48 hours.”
Unfortunately, it is unknown when third-party handset manufacturers will roll out the security updates on their phones, as many of them take weeks, if not months, to do roll them out. This means your Android handset is still not protected even after receiving the 2019 February update. It is suggested that one should patch their Android smartphone as soon as a security update available from the handset manufacturer.